Image: Tencent
Chinese security researchers said they can alter the firmware of fast chargers to cause damage to connected (charging) systems, such as melt components, or even set devices on fire.
The technique, named BadPower, was detailed last week in a report published by Xuanwu Lab, a research unit of Chinese tech giant Tencent.
According to researchers, BadPower works by corrupting the firmware of fast chargers — a new type of charger that was developed in the past few years to speed up charging times.
A fast charger looks like any typical charger but works using special firmware. This firmware “talks” to a connected device and negotiates a charging speed, based on the device’s capabilities.
If a fast-charging feature is not supported, the fast charger delivers the standard 5V, but if the device can handle bigger inputs, the fast charger can deliver up to 12V, 20V, or even more, for faster charging speeds.
The BadPower technique works by altering the default charging parameters to deliver more voltage than the receiving device can handle, which degrades and damages the receiver’s components, as they heat up, bend, melt, or even burn.
BadPower attack is silent and fast
A BadPower attack is silent, as there are no prompts or interactions the attacker needs to go through, but also fast, as the threat actor only needs to connect their attack rig to the fast charger, wait a few seconds, and leave, having modified the firmware.
Furthermore, on some fast charger models, the attacker doesn’t need special equipment, and researchers say the attack code can also be loaded on regular smartphones and laptops.
When the user connects their infected smartphone or laptop to the fast charger, the malicious code modifies the charger’s firmware, and going forward the fast charger will execute a power overload for any subsequently connected devices.
The damage caused by a BadPower attack usually varies depending on the fast charger model and its charging capabilities, but also on the charged device and its protections.
Researchers tested 35 fast chargers, found 18 vulnerable
The Tencent team said they verified their BadPower attack in practice. Researchers said they selected 35 fast chargers from 234 models available on the market and found that 18 models from 8 vendors were vulnerable.
The good news is that “most BadPower problems can be fixed by updating the device firmware.”
The bad news is that the research team also analyzed 34 fast-charging chips, around which the fast charger models had been built. Researchers said that 18 chip vendors did not ship chips with a firmware update option, meaning there was no way to update the firmware on some fast charger chips.
Tencent researchers said they notified all affected vendors about their findings, but also the Chinese National Vulnerabilities Database (CNVD), in an attempt to accelerate the development and promotion of relevant security standards to protect against BadPower attacks.
Suggestions to fix the BadPower problem include hardening firmware to prevent unauthorized modifications, but also deploying overload protection to charged devices.
A demo video of a BadPower attack is available at the bottom of the Tencent report. The video could not be embedded here.